Threat intelligence for security analysts

Analyze, investigate and instantly respond to critical threats

The AutoFocus™ contextual threat intelligence service speeds your ability to respond to cyberattacks faster.


Faster, more precise threat analysis

Disconnected tools and data sources have made it harder for security analysts to do their jobs quickly and effectively.

AutoFocus contextual threat intelligence brings speed, consistency and precision to threat investigation. It provides instant access to community-based threat data, enhanced with deep context and attribution from the Unit 42 threat research team, saving time and effort. Now your teams can quickly investigate, correlate and pinpoint malware’s root cause without adding dedicated malware researchers or additional tools. Plus, automated protections make it simple to turn raw intelligence into protection across your environment.


Draw on rich data with context to improve the accuracy of your analysis and speed of your response

Easily tap into threat data with full context

AutoFocus gives you instant access to billions of samples and trillions of artifacts collected from the WildFire® malware analysis prevention service worldwide. It combines automated analysis with human intelligence from the Unit 42 threat research team, adding context and attribution to threats. And it brings together all in-house and third-party threat data in one system, without the need for multiple tools.

Learn more


Quickly analyze threats and investigate root causes

With AutoFocus your teams can quickly pinpoint the root cause of attacks with lightning fast search across hundreds of pre-defined or customizable queries. Security analysts gain deeper insights into attacks with pre-built Unit 42 tags for malware family, adversary, campaign, malicious behavior and exploits – no dedicated malware research team is needed. And you can automatically surface high-impact threats and Indicators of Compromise, or IOCs, with statistical analysis to prioritize investigations.


Improve the speed and precision of your response to attacks

AutoFocus automatically delivers protections to next-generation firewalls for real-time enforcement, so you can dramatically cut response times to attacks. You can organize third-party threat intelligence feeds and share indicators for prevention using MineMeld™ threat intelligence syndication engine. And with the easy-to-use API for access to collected intelligence, you can instantly enrich third-party tools and SIEMs.

Learn more


Related products


Palo Alto Networks next-generation firewalls are architected to safely enable applications and prevent modern threats.

Learn more


WildFire® malware prevention service is the industry’s most advanced analysis and prevention engine for highly evasive zero-day exploits and malware.

Learn more


MineMeld is an open-source threat intelligence processing tool that extracts threat indicators from various sources and compiles the indicators into multiple formats.

Learn more